Privacy policy

Open Payment Technologies Ltd, ("The Company"), with registered office at Second Floor, The Old Court House, Athol Street, Douglas, Isle of Man, IM1 1LD is responsible for the processing and protection of your personal data, subject to the Isle of Man Data Protection Act 2018 and in accordance with the present (GDPR 2018 application)

This Privacy Policy ("Policy") describes the "Personal Data" we process about you, how we use it, how we share it, your rights and choices, and how you can contact us regarding our privacy practices. This Policy also describes your rights as a data subject, including the right to object to certain uses of such data by us.

"Personal Data" means any information relating to an identified or identifiable individual and includes information that you provide to us or that we collect, for example, when you interact with our services. The type and amount of personal data we collect about you will depend on how you choose to interact with the Company.

"Services" means the products and services indicated by the Company in its Terms and Conditions, covered by this Policy, and include the services offered by our application and website as defined below. Our "Business Services" are services provided by the Company to entities ("Merchants") that directly and indirectly provide us with personal data of "End Customers" in connection with such users' own business and activities. Our "End User Services" are those services that the Company provides directly to any natural person for their personal use.

"Sites" means The Company's official website www.kuady.com and mobile application (App).

Depending on the activity, the Company acts as a "data controller" and/or "data processor (or service provider)" in accordance with the following Policy.

Privacy Statement

Your data is used only for explicit, legitimate, and specific purposes in relation to our various Services, and only strictly necessary data will be processed.

We do not keep your data beyond the time necessary for the operations for which it was collected, or as provided by the recommendations of applicable laws (such as legal requirements).

Please note that to comply with this privacy statement you must be of legal age, nowhere on our Sites will we knowingly collect personal data or information from persons under the age of 18. No personal data considered sensitive will be collected.

Consent.

By accepting this Policy, you expressly consent to the "processing" of your personal data for the exclusive purposes defined herein and for the provision of the Service(s) that you contract with us (contractual obligation).

By "processing" of your personal data, we mean the storage, which is understood as the storage in a register or in a database, obtained by our own means or provided by third parties; use for the operation, whether automated or not, that permits the collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, collating or interconnection, limitation, erasure or destruction and, as specified herein, its disclosure.

What personal data will we use, how do we collect it and for what purposes?

The Company will collect, use, and process the following information through the “Sites”, application, email or any other means we make available to you for the provision of its Services to:

1. Merchants.

Data Personal identification and contact: Full name, date and place of birth, gender, nationality, e-mail address, official personal identification number or other unique identifiers contained in a valid official document according to the country of residence, telephone number.

Primary purposes of processing: The personal data we collect from you will be used for the following main purposes, which are necessary for the service you are requesting: (i) Account creation on the Company "Sites". (ii) Onboarding and KYB (Know Your Business) process for the review and approval of the Compliance team based on The Company's internal policies. (iii) Generate the necessary documentation for the business relationship. (iv) Provide you with the contracted Services. (v) Take steps to keep your personal data and your company's legal documentation up to date. (vi) Risk analysis and clarification to prevent money laundering, detect fraud or illicit activity against you or the Company. (vii) Conduct legal reviews and due diligence. (viii) Communicate with you to fulfill our obligations under the Terms and Conditions. (ix) Carry out all types of analysis to improve the services offered by The Company and (x) Comply with our legal obligations.

Secondary purposes of the processing:

Subject to applicable law (including obligations regarding obtaining consent from data subjects), we may promote our Services through personalized advertising and through the sending of emails or other communication technologies, as well as attempt to measure the effectiveness of our advertisements. We do not sell or disclose Representatives' Personal Data to any third party so that they can use it for advertising purposes. The data will be used for the following secondary purposes, which are not necessary for the service, but are very important for us:

Marketing, advertising, or commercial prospecting purposes with respect to the services we offer, whether our own or those of third parties.
Conduct service surveys, with the aim of evaluating and improving the quality of the products and services we offer.

2. End Customers

When we act as a service provider (i.e. data processor) of a Merchant , we process Personal Data in accordance with the terms of our agreement with that User and the lawful instructions provided to us by the Merchant (for example, where we process a payment to a Merchant as a result of the purchase of any of their products) or where they direct us to refer you to you a certain amount.

Merchants are responsible for ensuring that the privacy rights of their End Customers are respected, including ensuring that appropriate information is provided in relation to the processing, referral and use of data that takes place in relation to the products and services they offer. If you are an End Customer, please refer to the notice or privacy policy of the Merchant with whom you have any type of business relationship for information about their privacy practices, choices, and controls.

We may also act as a controller of your personal data, where we have a direct relationship with you, using our services made available on The Company's "Sites".

Personal Identification and Contact Data: Full name, date and place of birth, gender, nationality, email, telephone number, address, official personal identification number or other unique identifiers contained in a valid official document according to the country of residence, occupation,

Financial Data: card number and CVV / PCI, cardholder's name, expiration date, amount, bank account, bank name, currency.

Biometric data: Facial image for identity verification.

No sensitive personal data will be collected; however, you may activate the fingerprint or facial recognition access feature on your mobile device, the Company will not process such sensitive data or have access to it, you may deactivate the feature on your mobile device at any time.

Primary purposes of processing: The personal data we collect from you will be used for the following main purposes, which are necessary for the service you are requesting: (i) Verify and confirm your identity through the KYC (Know Your Customer) process. We use Personal Data about your identity to provide verification services to reduce fraud and improve security. If you provide a "selfie" along with an image of your ID, it will be to compare and calculate the match, verifying your identity. (ii) Account creation on the Company "Sites"; (iii) Provide contracted products or services offered by us. (iv) Process the transactions requested by you. (v) Perform risk analysis and clarification to prevent money laundering, detect fraud or illicit activity against you or the Company. (vi) To deal with complaints, claims and suggestions sent to The Company. (vii) communicate with you to fulfill our obligations under the Terms and Conditions. (viii) Carry out all types of analysis to improve the services offered by The Company and (ix) Comply with our legal obligations.

Secondary purposes of the processing:

Subject to applicable law (including obligations regarding obtaining consent from data subjects), we may promote our Services through personalized advertising and through the sending of emails or other communication technologies, as well as attempt to measure the effectiveness of our advertisements. We do not sell or disclose our end customers' Personal Data to any third party so that they can use it for advertising purposes. The data will be used for the following secondary purposes, which are not necessary for the Service, but are very important for us:

Marketing, advertising, or commercial prospecting purposes with respect to the Services we offer, whether our own or those of third parties.
Conduct service surveys, with the aim of evaluating and improving the quality of the products and Services we offer.

We will not send marketing, advertising, or commercial communications without your consent.

What Third Party Data Do We Collect?

The Company may process Personal Data of Third Parties (who are not Merchants, End Customers), when you visit our "Sites", we may receive your Personal Data either because you provide it to us or because it is collected through our use of cookies and similar technologies. Please review the section on the use of Cookies. We use the information about you that we obtain from cookies and similar technologies to measure engagement with content on the Sites, to improve relevance and navigation, to personalize your experience (e.g., through site language and relevant content based on your geographic location), and to improve the Services we offer to you based on the region in which you are located.

Treatment.

In addition to the above, the Company may process your personal data for the following purposes:

Communications. We will use your contact information to provide the Services, which may include sending codes via SMS, WhatsApp, or email, to authenticate you.
Social media and promotions. If you choose to submit Personal Data to us to participate in an offer, program, or promotion, we will use it to administer the offer, program, or promotion. We will also use that Personal Data that you make available on social media to send you advertising about our Services, except where this activity is prohibited.
Security and fraud prevention. We collect and use personal data to help us detect and manage the activity of fraudulent actors and other malicious actors on our Services, to enable our commercial fraud detection services, and to try to secure our Services and transactions against unauthorized access, use, modification, or misappropriation of Personal Data, Information and Funds. In connection with monitoring, prevention, and security and security activities for The Company and its Merchants, we receive information from service providers (including credit bureaus), from third parties, and from the Services we provide. We may process information about you, provided by Merchants, financial institutions, and, in some cases, third parties, to protect our Services, we may also receive information from third parties about IP addresses that have been compromised by malicious actors.
This personal data (e.g., name, address, phone number, country) helps us confirm identities, perform credit checks subject to applicable law, and prevent fraud. We may also use technologies to assess the fraud risk associated with an attempted transaction by an end user with a Merchant or financial partner.
Compliance with legal obligations. We use personal data to comply with our contractual and legal obligations related to anti-money laundering laws, Know-Your-Customer (KYC), counter-terrorism, export control, and prohibitions on doing business with restricted persons or in certain business areas, as well as other legal obligations. We strive to make our Services secure and compliant, and the processing of personal data is critical to this purpose. For example, we may monitor the patterns of payment transactions and other online signals and use those insights to reduce the risk of fraud, money laundering, and other activities harmful to The Company and Users.

Who do we transfer your data to?

In addition to the ways described above, we share Personal Data in the following ways:

Subsidiaries of The Company. We share Personal Data with other entities affiliated with The Company. When we share with these entities, it is for the purposes identified in this Policy.
Service Providers, Operators, or Data Processors. To provide our Services, we may use third-party services. Our Service Providers will be considered Processors and will act on our instructions for the provision of critical services, such as hosting (storage), analytics to evaluate the speed, accuracy, and/or security of our Services, identity verification, customer support, email, and auditing. We authorize these service providers to use or disclose the Personal Data we make available to them to perform services on our behalf and comply with applicable legal requirements. We also require them to make a contractual commitment to protect the security and confidentiality of the Personal Data they process on our behalf.
Financial partners. "Financial Partners" are the financial institutions with which we partner to provide the Services (including payment method acquirers, banks, and payment providers). We share Personal Data with certain financial partners in order to provide the services to the associated Merchants and to provide certain Services in collaboration with our Financial Partners. For example, we share certain Proxy Personal Data (e.g., loan repayment data and contact information) with institutional investors who purchase or provide credit secured by equity loans we have made to associated Merchants.
Corporate transactions. In the event that we enter into, or intend to make, a transaction that alters the structure of our business (such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or a portion of our business, assets, or stock), we may share Personal Data with third parties in connection with such transaction. Any other entity that buys from us or acquires any part of our business will have the right to continue to use your Personal Data, upon notice from the Data Subjects and subject to the terms of this Policy.
Regulatory compliance and prevention. We share personal data when we deem it necessary to:

1. Comply with applicable laws in each country of residence.

2. Comply with rules imposed by a payment method in connection with the use of that payment method (e.g., Mastercard network rules).

3. Enforce our contractual rights.

4. Ensure the security and protect the Services, rights, privacy, safety, and property of the Company, you, or any third party, including against other malicious or fraudulent activities and security incidents; and

5. Respond to valid and well-founded court requests issued by courts, law enforcement agencies, regulatory bodies, and authorities, which may include authorities outside your country of residence.

What are our Legal Bases for Processing?

a) Consent. We will always process your personal data based on the free, informed and unambiguous consent you provide to us, either directly or indirectly for the specific purposes described in this Privacy Policy in your capacity as a business entity processor.

b)Contractual and pre-contractual business relationships. We process personal data to formalize business relationships with other potential business entities and to comply with the respective contractual obligations we have with such entities, as well as we process personal data for compliance with the Terms and Conditions that you agree to when requesting our services.

c) Legitimate Business Interests. In accordance with applicable legislation, we process data to comply with The Company's legal obligations, such as the prevention and clarification of fraud, as well as the provision of our services.

What security measures and for how long do we store your personal data?

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse.

To help us protect your Personal Data, when you have an account with The Company, we recommend that you use a strong password, protect that password to prevent unauthorized use, and do not use the same login credentials (e.g., password) as your The Company accounts for other services or accounts. If you have any reason to suspect that your interaction with us is no longer secure (for example, if you believe that the security of your account has been compromised), please contact us immediately.

We retain your personal data for as long as the Service(s) contracted by you or our Merchants (as applicable) or for such period as we reasonably expected to provide the Service.

After we cease to provide the Services directly to you or a Merchant, if you have closed your account or completed a transaction with a Merchant, we retain your Personal Data only for the following purposes:

Comply with our legal and regulatory obligations.
Be able to carry out fraud monitoring and detection and loss prevention activities.
Comply with our tax, accounting, and financial reporting obligations,
Where we are required to do so by contractual commitments to our financial partners (and where data retention is required by the payment methods you used).

Where we retain Personal Data, we do so in accordance with the statute of limitations and record-keeping obligations imposed by applicable law.

What are Cookies?

During the registration and registration process of our "Sites", personal information of each User will be collected and stored, necessary for the provision of the service, verification of their identity and to prevent unauthorized use. This data may also be used to respond to any comments, requests, queries, or questions from Users tags. During the use of the Mobile Applications (Apps) developed by the Company, it may access, collect, import or store the geographic location data necessary for the provision of the service and the data on the use of the application by the Users. This information will be handled in a de-identified manner (i.e. without the User being personally identified) for our own market research and analysis, as well as for our business partners, as well as for the purpose of improving the quality, reliability, and performance of the application, as well as for commercial purposes.

A cookie is a short piece of information that the website sends to your computer, which is stored on your hard drive. When you browse the Website, the Company may collect and store information from your Device, to generate usage statistics that allow us to improve products or services and provide a better service, and for support and maintenance operations. The next time you enter our site, we may use the information stored in the cookie to make it easier for you to use our website. For example, we may use the cookie to store a password so that you do not have to enter it again each time you move to a different section of our website. A cookie does not allow us to know your personal identity unless you expressly choose to provide it to us. Most cookies expire after a certain period of time, or you can delete them at any time from your browser. By following the instructions of the internet browser. You can also have your browser warn you when you receive a cookie so that you can accept or reject it by following your internet browser's instructions. Cookies cannot run any programs or viruses. the Company's cookies cannot read data from your hard drive.

Applications or websites use cookies with the intention of knowing the operating system (browser) you are using, the sites and services you are accessing and the geographical location in which you are located. It is essential that you consult the internet options of your browser to configure the operation and control of cookies.

How can you exercise your privacy rights?

As the owner of your personal data, you have the right to decide on your Personal Data at any time.

Treatment and Rights

You opt-out of receiving electronic communications from us.

If you no longer wish to receive marketing emails from us, you may opt-out of receiving them via the unsubscribe link included in the messages or by sending an email with the request to the emails from our Personal Data Protection departments of each entity described below. We will try to accommodate your requests as soon as reasonably practicable. Please note that if you opt-out of receiving marketing emails from us (i) we will still be able to send you notifications regarding the services we are providing to you and (ii) our Merchants may continue to send you messages and/or ask us to send correspondence on their behalf.

Your data protection rights.

You have the right to request confirmation of the existence of processing of personal data (information); to have access to your data, by requesting the availability of a copy of the personal data you have provided to us (access); correction of incomplete, inaccurate or outdated data (rectification); the revocation, at any time, of your previously given consent to data processing as well as information on the possibility of your not consenting to certain data processing and the consequences of not giving your consent (revocation); anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the GDPR (erasure); object to the use of your personal data for specific purposes (objection); restricting the processing of your data (restriction); the portability of your personal data to another service or product provider (portability), as well as information about the public and private entities with whom we share data.

To exercise any of the rights, you must send a request to the email address dataprotection@kuady.com which must comply with the following requirements and documents:

I. Full name of the data subject.

II. Copy of the document that proves your identity on both sides.

III. If the interested party appears through a legal representative, the latter must also show, by the same means, the documents proving the legal representation (simple power of attorney signed by the interested party, the attorney-in-fact and two witnesses, accompanied by a copy of the identifications of the agent and the two witnesses).

IV. Clear and precise description of the personal data in respect of which you are seeking to exercise any of your rights.

Requests will be dealt with under the terms provided for in the GDPR, through our data protection officer, who can be contacted for questions or clarifications through the email address.

Complaints about the Processing of Personal Data.

If you have a complaint about the way we process your personal data, please contact us in the first instance in the hope that we can resolve the matter with you. However, if you do not wish to communicate your concerns to us or we have not responded satisfactorily to your data protection complaint, you have the right to lodge a complaint with the authority: Isle of Man Information Commissioner, P.O. Box 69, Douglas, Isle of Man, IM99 1EQ Telephone: +44 1624 693260 Email: ask@inforights.im 

How can you find out about changes to this privacy policy?

This Privacy Policy may be modified, changed, or updated as a result of new legal requirements, our own needs for the products or services we offer, our privacy practices, changes in our business model or other causes.

The procedure through which notifications about changes or updates will be made will be through an informative note on our website, App, by email or any other technological means available at the time.

Publication Date: April 2024